agent: Fix container launching failure with systemd cgroup

FSManager of systemd cgroup manager is responsible for setting up cgroup
path. The container launching will be failed if the FSManager is in
read-only mode.

Signed-off-by: Xuewei Niu <niuxuewei.nxw@antgroup.com>

src/agent/rustjail/src/cgroups/fs/mod.rs

@@ -1104,15 +1104,13 @@ impl Manager {
         })
     }
 
-    /// Create a cgroupfs manager without creating any cgroups.
+    /// Create a cgroupfs manager for systemd cgroup.
-    /// A typical case is for systemd cgroup: Systemd manager retains a
+    /// The device cgroup is disabled in systemd cgroup, given that it is
-    /// cgroupfs manager to read cgroup information only. Writing cgroup
+    /// implemented by eBPF.
-    /// rules is done by the systemd. That is, the cgroupfs manager runs in
+    pub fn new_systemd(cpath: &str) -> Result<Self> {
-    /// read-only mode.
-    pub fn new_read_only(cpath: &str) -> Result<Self> {
         let (paths, mounts) = Self::get_paths_and_mounts(cpath).context("Get paths and mounts")?;
 
-        let cg = load_cgroup(cgroups::hierarchies::auto(), cpath);
+        let cg = new_cgroup(cgroups::hierarchies::auto(), cpath)?;
 
         Ok(Self {
             paths,

src/agent/rustjail/src/cgroups/systemd/manager.rs

@@ -113,7 +113,7 @@ impl Manager {
         let (parent_slice, unit_name) = cgroups_path.parse()?;
         let cpath = parent_slice + "/" + &unit_name;
 
-        let fs_manager = FsManager::new_read_only(cpath.as_str())?;
+        let fs_manager = FsManager::new_systemd(cpath.as_str())?;
 
         Ok(Manager {
             paths: fs_manager.paths.clone(),